Glastonbury festival organisers have a substantial amount of egg on their faces today after El Reg learned of a data protection cock-up with the live music firm's registration system.
An email targeted at people who missed out on the iconic British music festival was sent out by Mean Fiddler suggesting they buy tickets for the …

COMMENTS

Taking things seriously

It seems that every time something like this happens, the guilty party (when eventually forced to apologise) states that they 'take matters like this extremely seriously'.

What do they expect people to think of such a statement? That they're not only incompetent (or malicious), but also liars? If I were them, I'd apologise, promise to try not to do it again and leave it at that.

We promise not to share your data - unless we want to.

Just to clarify your story a little - this year was the first time Glastonbury operated a registration scheme, where potential festival goers had to register their name, address and submit a photo in order to be eligible to buy tickets. This all had to be done by the 5th of March, otherwise one could not even attempt to buy tickets on the 1st April.

It would seem that the recipients of the spam email for the Latitude Festival were thus selected from the database of people who had registered but were nonetheless unsuccessful in buying tickets for Glastonbury.

Indeed I had registered back in February but in the end didn't even attempt to buy a ticket (other commitments prevailed), and as I was in no rush whatsoever back in February when I registered I can be 99.9% that if there was any need to opt out of information sharing with third parties I would have correctly opted out, whether that involved ticking or unticking boxes. Thus I'm 99.9% certain that there has been a breach in Glastonbury Festival's privacy policy and thus a contravention of the Data Protection Act. Very shabby behaviour by Mean Fiddler - unfortunately I suspect that they won't care very much as they've managed to get the word out about this Latitude Festival.

Third party?

Sorry to be a devil's advocate here, but if customers sign up for something on See Tickets' website, and then are emailed BY See Tickets, that isn't a third party, surely? It's just an example of cross-selling. As far as I can see the data wasn't shared with the Latitude festival organisers.

They should of just

Box not ticked

I didn't actually order any tickets so no box was ticked. I pre-registered my interest in tickets but as I had secured tickets through another route I did not go through the See pages. The email address I used to pre-register on the glastonbury site was unique and has not been used elsewhere. On the registration site assurances were given that details would be used for no other purpose and accordingly there was no option to opt in or opt out of any future use of data

In other words, the 'tick box' defence is rubbish, certainly in my case

It's become a joke

On the day of the second issue (the returned or duplicated tickets), I got through after about 90 minutes on the international line, and was told that, as I was ringing from Ireland, I should have been using the UK internal number.

After explaining to the politely rude lady in the call centre that Ireland is in fact a foreign country, she refused to believe me, and hung up.

The internal number - once formatted correctly - couldn't even connect to a busy signal from the republic. I went back to the international line, and got through an hour later to be told that it was in fact the correct number for me, but that they had just sold out. So through sheer ignorance on the part of their staff, I missed out on my ticket.

I sent a polite but mildly sarcastic email of complaint, more to vent than anything, and heard absolutley nothing back.

Except the email about the Latitude festival, which knew I'd failed to get a ticket.

So that's two strikes, and despite what they claim in the article, precisely zero apologies. They've completely breached data protection, as they knew I'd failed to get a ticket - and the tick box excuse is just an attempt at damage limitation. I've lost a lot of faith in how Glasto is run, given the shambles that is their ticket system. Who knows who else they've passed my details to?

Got spammed, haven't used SeeTickets

The seetickets explaination for the Latitude festival is not even valid, Glasto organisation (or more likely Live Nation (ex ClearChannel, new owner of Mean Fiddler)) should have directly passed the registered customers details.

I personaly pre-registered for Glastonbury but due to unplanned circumstances I was NOT able to try to grab tickets, so there is absolutely NO WAY that I would have signed up for anything on the Seetickets web site as I NEVER accessed it in relation to Glastonbury festival.

Very annoyed!

The Apology Email

Has anyone actually received the apology mentioned in the article? Like all-else, I received the spam no bother, but I'll be damned if a desperate desert wind ain't now blowing through my inbox. Ah well.

The spam was to those who registered

I got the spam (but haven't seen the apology, presumably because spam filters have kicked in).

Although I registered for the festival, in the event I *didn't* try to buy tickets, so the fact that I failed to buy a ticket could only be inferred by comparing the registration database with the list of successful purchases.